Failures from the snp_init() are currently being ignored by sme_enable(). Add missing error handling for cases where snp_init() fails to retrieve SEV-SNP CC blob or encounters issues while parsing CC blob. SNP guests will error out early with this change. Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx> --- arch/x86/mm/mem_encrypt_identity.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index ac33b2263a43..e83b363c5e68 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -535,6 +535,13 @@ void __head sme_enable(struct boot_params *bp) if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED)) snp_abort(); + /* + * The SEV-SNP CC blob should be present and parsing CC blob should + * succeed when SEV-SNP is enabled. + */ + if (!snp && (msr & MSR_AMD64_SEV_SNP_ENABLED)) + snp_abort(); + /* Check if memory encryption is enabled */ if (feature_mask == AMD_SME_BIT) { if (!(bp->hdr.xloadflags & XLF_MEM_ENCRYPTION)) -- 2.34.1
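Review bot: the new `!snp && (msr & MSR_AMD64_SEV_SNP_ENABLED)` test in sme_enable() ends in the same snp_abort() call as the existing check directly above it. When the guest terminates, a missing or unparsable CC blob therefore cannot be told apart from the opposite mismatch (blob found, SNP bit clear in the MSR). If snp_abort() cannot carry a distinct reason, at least extend the added comment to say that the guest is terminated at this point, because it currently states only the expectation. The two conditions are also mirror images of each other. They could be folded into a single comparison of `snp` against `!!(msr & MSR_AMD64_SEV_SNP_ENABLED)` with one comment covering both directions, assuming `snp` is a bool as its use in these lines suggests.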